Hi Al, Thanks for your input, I will send you a sample.
Paypal sends campaigns for all their EMEA countries via our platform, so there are several sending domains used. Do I need to send a sample for each domain? Many thanks, Anne-Sophie ------------------------------ Message: 11 Date: Thu, 18 May 2017 04:19:54 -0700 From: Al Varnell <alvarn...@mac.com> To: ClamAV users ML <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] Mail from Paypal wrongly identified as phishing by ClamAv Message-ID: <c4a9264a-d00c-4a7a-8059-af56c924b...@mac.com> Content-Type: text/plain; charset="us-ascii" This can be whitelisted by associating whatever foreign URL is being used within these messages with paypal domains, but you need to submit a sample to <http://www.clamav.net/reports/fp> so that it can be taken care of. -Al- On Thu, May 18, 2017 at 03:41 AM, outre...@epsilon.com wrote: > > Hello, > > Mail from our client Paypal is being wrongly flagged as phishing by ClamAv. > > We get this type of bounce erros: > 554 Your email was rejected because it contains the > Heuristics.Phishing.Email.SpoofedDomain virus > > Mailing IPs: 142.54.244. [96-110] > Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, > mail.paypal.pl Date of issue: 09 May 2017 > > Please make the necessary changes to your product ASAP. > > These emails are legitimate, sent to optin customers of Paypal, and > authenticate with SPF, DKIM and DMARC. > > > Please contact me if you need any additional information. > > Regards, > > Anne-Sophie Marsh, Sr Email Deliverability Manager EMEA > T +44 2086143219 M +44 7469352383 Epsilon, 67 Broad Street, Teddington > TW11 8QZ, UK epsilon.com<http://epsilon.com/> > [http://help.epsilon.com/images/logo.png] * _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml